Comprehensive and Detailed Explanation From Exact Extract:
Steganography is used to save or embed secret data within another file or medium, allowing covert communication without alerting observers to the presence of the data.
The goal is to conceal, not highlight or delete data.
It does not erase or delete secret data; instead, it hides it.
This aligns with standard definitions in cybersecurity and forensic literature including NIST's cybersecurity frameworks.
Questions # 22:
An organization has identified a system breach and has collected volatile data from the system.
Comprehensive and Detailed Explanation From Exact Extract:
In incident response, after collecting volatile data (such as contents of RAM), the next priority is often to collect network-related evidence such as active network connections. Network connections can reveal ongoing communications, attacker activity, command and control channels, or data exfiltration paths.
Running processes and temporary data are also volatile but typically collected simultaneously or immediately after volatile memory.
File timestamps relate to non-volatile data and are collected later after volatile data acquisition to preserve evidence integrity.
This sequence is supported by NIST SP 800-86 and SANS Incident Handler’s Handbook which emphasize the volatility of evidence and recommend capturing network state immediately after memory.
